🛡️ AI Safe Compliance Report
What is the AI Compliance Report?
The AI Safe product enables customers to connect with external LLMs while ensuring compliance when handling personal data in accordance with the EU GDPR and the EU AI Act.
Our AI Compliance Report helps our customers assess their compliance with measurable data compliance parameters. Our USP is that we help clients assess their compliance not only for employees but also for their customers. We provide Two Levels of Compliance for customers.
Current Features:
- Frontend for generating the AI Compliance Report is available.
- In upcoming releases, Compliance settings will be integrated to implement Data Subjects' Rights, such as:
- Right to Forget
- Right to Access and Data Portability
- Data Storage and Retention.
Generating the AI Safe Compliance Report:
- The Data Protection Officer (DPO) can click on the Reports icon in the left navigation panel.
- This will lead them to the Report Screen, where they can view all the generated reports, including:
- Period
- Generated by
- Industry
- Status
- Action to Download
- To generate a new AI Safe Compliance Report:
- The DPO can click on the +Report button.
- Select Report Type as "AI Safe Compliance Report", choose Industry, select the From and To Dates, and click on + Create.
- The AI Safe Compliance Report will be generated, and the DPO can download and view it.
Contents of an AI Safe Compliance Report:
1. Data Anonymization:
- Data anonymization involves removing or altering personal information to prevent identification while retaining data for analysis.
- The report summarizes:
- Number of personal names, phone numbers, and email addresses sent to the LLM server.
- How many were transmitted without anonymization.
- Number of personal information items found in popular lists.
| # of Personal Names sent to LLM Server |
|---|
| Sent after Anonymisation | 187,524 |
| Present on Popular Lists | 10 |
| Sent without Anonymisation | 0 |
| # of Phone Numbers sent to LLM Server |
|---|
| Sent after Anonymisation | 15,021 |
| Sent without Anonymisation | 0 |
| # of Personal Names sent to LLM Server |
|---|
| Sent after Anonymisation | 18,743 |
| Sent without Anonymisation | 0 |
2. Right to Forget:
- The Right to Forget enables individuals to request the deletion of their personal data when it is no longer necessary or lawful to retain it.
- The report summarizes the number of Right to Forget requests from employees and patients, tracking data deletion activitie
| # of Requests |
|---|
| Employee | 5 |
| Patient | 5 |
| Total | 10 |
3. Data Storage and Retention:
- Data Storage and Retention defines how long personal data is kept and the conditions under which it is securely stored in compliance with privacy laws.
- The report details the storage and retention periods for data, ensuring compliance with organizational and regulatory requirements.
| # of Data Storage and Retention |
|---|
| Data Storage Location | European Union |
| Data Storage Duration | 30 Days |
4. Right to Access and Data Portability:
- Right to Access and Data Portability allows individuals to obtain and transfer their personal data in a structured, machine-readable format.
- The report summarizes requests for data access and portability from employees and patients.
| # of Requests for Downloads |
|---|
| Employee | 5 |
| Patient | 3 |
| Total | 8 |
5. Data Breach:
- A data breach occurs when unauthorized individuals gain access to confidential or sensitive personal data, potentially exposing it to misuse or harm.
- The report highlights:
- The number of data breach notifications issued.
- The number of data breaches prevented.
- Emphasizing the system's effectiveness in maintaining data security.
| Count |
|---|
| Data Breach Notifications | 1 |
| Data Breaches Prevented | 1 |
| Total | 2 |
5. Sensitive Data:
- Sensitive attributes are identified by the client and activated in the system, by system administrator. Once identified there is no choice for the user to send such information via the APIs processed by the application.
The report highlights, such attributes, which were detected and prevented from being sent to the LLM. Once detected, the attributes were replaced with suitable placeholders, allowing the user to have a meaningful reply from the LLM, while preventing any sensitive data to be sent
| Patient ID |
|---|
| Sent after Anonymisation | 3105 |
| Sent without Anonymisation | 0 |
| # of Application Configuration files |
|---|
| Sent after Anonymisation | 2 |
| Sent without Anonymisation | 0 |
| # of Third-Party service Credentials / Cloud Credentials |
|---|
| Sent after Anonymisation | 25 |
| Sent without Anonymisation | 0 |
| # of API Keys and Client secrets |
|---|
| Sent after Anonymisation | 11 |
| Sent without Anonymisation | 0 |
| # of Code with Identified keywords |
|---|
| Sent after Anonymisation | 5 |
| Sent without Anonymisation | 0 |